If connected cars are the future, connected car hacking will need to become a dominant focus of cybersecurity. Unfortunately, the latest battlefront in cybersecurity is beginning to look hauntingly like IT cybersecurity: Companies respond after hackers expose glitches and security holes.
We’ve seen this extensively in 2019. A popular telematics system was left vulnerable when hackers discovered the hard-coded credentials within. Hackers said in an interview they had figured out how to do a mass activation of connected car immobilizers, leaving them at risk of being stranded on the highway. A software engineer discovered a bug that would have allowed hackers to remotely start vehicles via an internet connection. And so on.
Car companies immediately remediated many hacks discovered in 2019 – but as in IT, the remediation came after the fact. That’s unacceptable; unlike infected servers, which are unlikely to do any more than cost companies time and money to fix, vehicles hurtling down the highway at 60 miles an hour can kill.
A scenario foreseen in a Georgia Tech study, where hackers use “gridlockware” to halt vehicles until they pay a ransom, is a frighteningly real possibility – perhaps even probability. According to the study, “hackers could not only wreck the occasional vehicle but possibly compound attacks to gridlock whole cities by stalling out a limited percentage of cars.” You wouldn’t even need to disable all the cars on the road; it would be enough to stall out just 20% of them. Just the threat of an attack like that – which would likely bring in its wake road rage violence on an unprecedented scale, along with major economic losses – would likely prompt city officials to cough up whatever ransom hackers demanded. Attacks like these, and certainly others on a smaller scale, are likely to become more common as the decade turns.
For more in depth information, check out the article in VentureBeat.